At Lumifin, we take your privacy seriously. This policy explains how we collect,
use, and protect your information when you use our website, application, and services.
Lumifin is a financial decision-modeling tool. You trust us with sensitive financial
information, and we treat that responsibility with the highest care.
Information We Collect
Account information:
- Name, email address, and login credentials
- Profile details (birth year, ZIP code, filing status, household size)
Financial information you provide:
- Income sources and amounts
- Investable asset totals by account type (e.g., Traditional IRA, Roth, taxable)
- Monthly and annual expenses
- Financial goals, scenarios, and planning assumptions
Waitlist and beta application information:
- Name, email, and survey responses submitted through our landing pages
Automatically collected information:
- Browser type, device information, and IP address
- Usage patterns within the application (pages visited, features used)
How We Use Your Information
- Providing the service - To generate projections, scenarios, and your Confidence Spending number
- Account management - To authenticate you and maintain your account
- Product improvement - To understand usage patterns and build better features
- Customer support - To diagnose issues and respond to your requests
- Communications - To send product updates, beta invitations, and service notifications
We will NEVER sell, rent, or share your personal or financial data with third parties for advertising or marketing purposes.
Internal Data Access
Your financial data is private. Lumifin team members may only access individual user
data for the following purposes:
- Customer support - When you report an issue or request help, we may view your account data to diagnose and resolve the problem
- Debugging and reliability - To investigate errors, fix bugs, and ensure the system is working correctly
- Data integrity - To verify that calculations and projections are accurate
We do not browse, review, or analyze individual users' financial data
for curiosity, research, or any purpose beyond the above. Aggregate, anonymized data
may be used to improve the product.
Data Storage & Security
- Encrypted at rest - Your data is stored in encrypted databases hosted by Supabase (built on PostgreSQL with AES-256 encryption)
- Encrypted in transit - All data transmitted between your browser and our servers uses TLS (HTTPS)
- Access-controlled - Database access is restricted through row-level security policies and role-based permissions
- Hosted in the US - Our infrastructure is hosted on AWS (via Supabase and Vercel) in US regions
- Never sold - We will never sell, rent, or share your data with third parties
Data Retention & Deletion
We retain your data for as long as your account is active. If you cancel your subscription
or request account deletion:
- Your account and all associated financial data will be permanently deleted within 30 days of your request
- Anonymized, aggregate usage data (which cannot identify you) may be retained for product analytics
- Backups containing your data are automatically purged within 90 days
To request account deletion, email hello@lumifin.co.
Your Rights
You have complete control over your data. You can:
- Access your data - View all data you've entered directly within the application, or request a full export
- Update your information - Edit your profile and financial data at any time within the app
- Delete your account - Request permanent deletion of your account and all associated data
- Unsubscribe - Every email includes an unsubscribe link
Cookies & Tracking
- Google Analytics - To understand how visitors use our website (anonymous, aggregated data only)
- Authentication cookies - To keep you logged into the application
- No advertising cookies - We do not use cookies for advertising or cross-site tracking
You can disable cookies in your browser settings, though this may affect your ability to use the application.
Third-Party Services
We use the following trusted third-party services to operate Lumifin:
- Supabase - Database hosting and authentication infrastructure
- Vercel - Application and website hosting
- Google Analytics - Anonymous website traffic analysis
- Stripe - Payment processing (we never store your full credit card number)
Each service has its own privacy policy and security measures. We only share
the minimum information necessary for each service to function.
None of these services have access to your financial planning data.
Beta Program
If you participate in the Lumifin beta program, the same privacy protections apply
to your data. Additionally:
- Feedback you provide through beta channels (Discord, surveys, email) may be used to improve the product
- We may review aggregate usage patterns from beta participants to prioritize features
- Your beta participation status is kept confidential per the Beta Confidentiality Agreement
Children's Privacy
Lumifin is intended for use by adults (18+). We do not knowingly collect information
from children under 18. If you believe we have collected information from a minor,
please contact us immediately.
Changes to This Policy
We may update this privacy policy from time to time. When we do, we will:
- Update the "Last Updated" date at the top of this page
- Notify active users of significant changes via email
- Post the updated policy on our website
GDPR & CCPA Compliance
If you are a user in the EU (GDPR) or California (CCPA), you have additional rights:
- Right to access - Request a copy of your data
- Right to deletion - Request permanent deletion of your data
- Right to rectification - Correct inaccurate information
- Right to object - Object to data processing
- Right to portability - Receive your data in a portable format
To exercise any of these rights, contact us at hello@lumifin.co.
Contact Us
Questions, concerns, or requests about your privacy or this policy?
Email: hello@lumifin.co
Response Time: We aim to respond within 48 hours